Ed Foster's Gripelog || Comments Intuit's Razor

INFOWORLD GRIPE LINE BY ED FOSTER

Display: Sort:

Intuit's Razor | 20 comments (20 topical) | Post A Comment

Why is this Digital River's problem?[ Parent | Reply to This ] (none / 0) (#11)
by Anonymous User on Tue Mar 11, 2008 at 11:35:00 AM PDT

I fail to see why this is considered DR's problem. What do you want them to do to confirm an e-mail address that a customer has posted to them? How much feedback handshake to you want to partake in to place an order with an on-line business? I really have no desire to go through a "you placed an order with us, are you who you say you are?", "yes I am", "are you sure" exchange when I place an order. The responsibility for making sure the return e-mail address is correct is mine and mine alone.
A customer places an order with an on-line business. They are usually presented at least two opportunities to assure that the information entered is correct. If the customer deliberately chooses to enter a false e-mail address, then I would place the blame solely and solidly on the customer who does so.
As far as the company that returned "credit card information"; how much information are we talking here? Just the last 4 digits i.e., the e-mail says, "you paid with your Discover card with the last 4 digits 1549" that seems to be the current working trend is hardly a security breach.
I just don't see the issue here.

[ Parent | Reply to This ]

What to do[ Parent | Reply to This ] (none / 0) (#14)
by Anonymous User on Fri Mar 14, 2008 at 01:37:57 PM PDT

What do you want them to do to confirm an e-mail address that a customer has posted to them?
Why, nothing, of course. Instead, their emails can simply not directly disclose any of a consumer's personal info. They can link back to their site with a URL full of ?custID=gibberish?orderID=ghgfh that produces a login prompt and requires a previously established password before it will reveal any data, unless the original customer goes there and hasn't cleared out the cookie set when they logged in before to place the order of course.
The email could say something like order number xyz has now been shipped or whatever, without revealing what the product actually is or where it's going, providing such a link as described above to actually confirm such details; most customers are likely just to be satisfied with the message saying that the thing is on the way though.
If there's no way in hell for the product's identity to be sensitive it might as well be disclosed. New 19" LCD monitor? Fine. X-rated video? Best just to mention a cryptic order-number. :)

[ Parent | Reply to This ]

Not what the original person said[ Parent | Reply to This ] (none / 0) (#16)
by Anonymous User on Wed Mar 19, 2008 at 07:01:58 AM PDT

The original comment was,
Apparently they don't verify that an e-mail address belongs to the correct person before sending information on it.

Sounds to me like the demand was for some sort of e-mail confirmation handshake.

[ Parent | Reply to This ]

Actually...[ Parent | Reply to This ] (none / 0) (#17)
by Anonymous User on Thu Mar 20, 2008 at 05:20:21 AM PDT

...it's perfectly consistent, because the suggestion above would result in their not sending any sensitive information to any email address whatsoever.

[ Parent | Reply to This ]

Intuit's Razor | 20 comments (20 topical) | Post A Comment

Display: Sort:

Menu

· create account
· faq
· search

Login

Make a new account

Username:

Password:

HOME NEWS COLUMNS BLOGS PODCASTS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT About Awards Contact Us

Copyright © 2006, Reprints, Permissions, Licensing, IDG Network, Privacy Policy.
All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses,
phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.

ComputerWorld :: LinuxWorld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO
IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp
ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no :: IDG.pl

create account | faq | search

	HOME NEWS COLUMNS BLOGS PODCASTS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT	About Awards Contact Us
Copyright © 2006, Reprints, Permissions, Licensing, IDG Network, Privacy Policy. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. ComputerWorld :: LinuxWorld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no :: IDG.pl